Bug 2168631 (CVE-2022-4904)
Summary: | CVE-2022-4904 c-ares: buffer overflow in config_sortlist() due to missing string length check | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | askrabec, atikhono, hhorak, jburrell, jorton, jstanek, nodejs-maint, zsvetlik |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-05-09 20:45:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2170860, 2170861, 2170862, 2170863, 2170866, 2170867, 2170868, 2170869, 2170870, 2170871, 2170872, 2170873, 2175837, 2175838, 2175839, 2175840, 2176102, 2178099, 2178100, 2178101, 2178102, 2178103, 2178104, 2178105, 2178106, 2178150, 2178151, 2178152 | ||
Bug Blocks: | 2168630, 2175314 |
Description
Marian Rehak
2023-02-09 15:33:16 UTC
Created c-ares tracking bugs for this issue: Affects: fedora-all [bug 2170860] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2170861] Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2170862] Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2170863] *** Bug 2165777 has been marked as a duplicate of this bug. *** This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1582 https://access.redhat.com/errata/RHSA-2023:1582 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1743 https://access.redhat.com/errata/RHSA-2023:1743 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:1744 https://access.redhat.com/errata/RHSA-2023:1744 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2654 https://access.redhat.com/errata/RHSA-2023:2654 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2655 https://access.redhat.com/errata/RHSA-2023:2655 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4904 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4035 https://access.redhat.com/errata/RHSA-2023:4035 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5533 https://access.redhat.com/errata/RHSA-2023:5533 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:6291 https://access.redhat.com/errata/RHSA-2023:6291 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6635 https://access.redhat.com/errata/RHSA-2023:6635 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7116 https://access.redhat.com/errata/RHSA-2023:7116 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2023:7368 https://access.redhat.com/errata/RHSA-2023:7368 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7543 https://access.redhat.com/errata/RHSA-2023:7543 |